On Mon, Aug 19, 2024 at 1:56 PM Buck Horn via Dnsmasq-discuss
<dnsmasq-discuss@lists.thekelleys.org.uk> wrote:
>
> On 19.08.24 18:38, Corey Minyard wrote:
>
>> On Mon, Aug 19, 2024 at 8:58 AM Buck Horn via Dnsmasq-discuss
>> <dnsmasq-discuss@lists.thekelleys.org.uk> wrote:
>>>
>>> It's not entirely clear from your description, but if your goal would be
>>> to have dnsmasq forward DNS requests to a DoT server, then dnsmasq can't
>>> do that: It fully supports DNS (port 53 UDP/TCP), but does not support
>>> DoT (port 853 TCP) at all. You would need a DoT proxy between dnsmasq
>>> and your DoT server for that use case.
>>
>>
>> That's my overall goal, but I have stunnel which will take a TCP connection
>> and forward it over TLS.  It would be nice if dnsmasq would support DoT, but
>> I'm ok that it doesn't.  bind doesn't, either.
>
>
> I see -  so your dnsmasq TCP requirement is introduced by your choice of 
> stunnel?
>
> But stunnel isn't a DoT proxy, it is a TLS proxy wrapper, and as such, would 
> lack UDP support, somewhat naturally employing TCP only.
>
> A proper DoT proxy would have to support UDP as well as TCP, as both 
> protocols are mandatory for DNS.
>
> Instead of trying to find some bandaid for dnsmasq, I'd recommend considering
> a proper DoT/DoX proxy instead (e.g. AdguardTeam/dnsproxy). Or if you
> already happen to run nginx, I believe that could also be configured to
> act as a DNS-to-DoT gateway.

Ah, that's what I was looking for.  I searched and for some reason
these didn't show up; I got some things that were woefully inadequate.
One of these should do what I'm looking for.

Thanks,

-corey

>
> Kind regards,
>
>        Buck
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
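
Added example, not part of the thread and not code from dnsmasq, stunnel or any proxy named in it: a sketch of the UDP side of a DNS-to-DoT forwarder, showing what a plain TLS wrapper does not do, namely accept a UDP query, add the 2-byte length prefix that DNS over TCP and DoT require, and verify the upstream certificate. The upstream name `dot.example.net` and the listen address `127.0.0.1:5353` are placeholders; a TCP listener, which a complete proxy also needs, is omitted.

```python
import socket
import ssl
import struct

def frame(msg: bytes) -> bytes:
    """Prefix a DNS message with the 2-byte big-endian length used on TCP/DoT."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large to frame")
    return struct.pack("!H", len(msg)) + msg

def read_exact(stream, n: int) -> bytes:
    """Read exactly n bytes; a stream may deliver one message in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = stream.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed mid-message")
        buf += chunk
    return buf

def exchange(stream, query: bytes) -> bytes:
    """Send one framed query, return the unframed reply, reject a foreign ID."""
    stream.sendall(frame(query))
    (length,) = struct.unpack("!H", read_exact(stream, 2))
    reply = read_exact(stream, length)
    if reply[:2] != query[:2]:
        raise ValueError("reply ID does not match query ID")
    return reply

def serve_udp(listen=("127.0.0.1", 5353), upstream="dot.example.net"):
    """Forward UDP queries to a DoT server (placeholder name), one at a time."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen)
    while True:
        query, client = udp.recvfrom(4096)
        try:
            with socket.create_connection((upstream, 853), timeout=5) as raw, \
                 ctx.wrap_socket(raw, server_hostname=upstream) as tls:
                udp.sendto(exchange(tls, query), client)
        except (OSError, ValueError):
            continue  # drop on TLS or network failure; the client retries

if __name__ == "__main__":
    serve_udp()
```

Failing closed on a certificate or hostname mismatch is deliberate: falling back to an unverified connection would remove the protection DoT is meant to add.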
